Bug 1042361

Summary: [RFE][python-neutronclient]: Limit logging of credentials in services using the client
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/python-neutronclient/+spec/limit-credentials-logging
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_new
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:16:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 21:53:06 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/python-neutronclient/+spec/limit-credentials-logging.

Description:

Currently, debug settings cause logging of the credentials in services using neutronclient. This should be limited unless explicitly requested, as credentials will be stored in log files for a long time and most likely will be still usable after many days.

Shell utilities do not need to have the redaction enabled, since debug messages are not visible by default. Even when they're enabled, they're not stored permanently and may be useful for reproducing the exact action using curl.

Further removing all tokens could be useful, but since their usage is limited in time and they're used all over different parts of the code, it's a separate, much longer task.

Specification URL (additional information):

None